Welcome the RSA SecurID® Access Cloud Only Trial. This trial lets you harness the power of RSA SecurID Access from end-user to administration and setup. You’ll be able to see how RSA can provide secure and convenient access to your users for any application cloud to ground. Experience RSA SecurID Access's administrative policies, create and manage users, and perform modern mobile authentication like push to approve with the RSA SecurID Authentication App in minutes. Then apply what you learn to add your own applications and users.

What You Get With Cloud Only Trial

Hosted Resource

Description

Cloud Administration Console

A web-based interface for setup and daily management.

Cloud Authentication Service

Performs run-time authentication for protected resources.

RSA SecurID Authenticate app

User-downloadable app found in the Apple App Store, Google Play, or Microsoft Store used to register your devices.

A web-based application portal

Provides links to available applications.

You also get four demo applications in the Cloud and four demo user accounts in the hosted LDAP directory server. You cannot use your on-premises LDAP directory server.

If you have any questions, contact your RSA Sales representative, or call 800-995-5095 or 1-781-515-7700 and option 1.

Step 1: Sign Up

If you have not yet signed up for the trial, go to RSA SecurID Access Cloud Only Trial, and complete the form. After you confirm your email address, RSA will send you the URLs and sign-in credentials for your demo user accounts.

If you already signed up, you're ready to start! Go to step 2.

Step 2: Register Your Device

Have your mobile device handy. In this step, you register your mobile device with RSA SecurID Access, so that you can use mobile authentication options such as push notifications (Approve).

Using the URL for the application portal provided in your email from RSA, sign in using your credentials.

You are prompted to share your location. You can allow or block it.

In the application portal, you see icons for App A, App B, the hosted LDAP directory server, RSA SecurID Access My Page, the tutorial, and video.

Click My Page and sign in with your credentials.

Follow the prompts to download the RSA SecurID Authenticate app onto your device, and register it using either a QR code or numeric registration code.

That's all there is to device registration. Now let's use the app to try a simple Approve authentication.

Step 3: Do a Test Authentication

Sign out of the application portal and sign in again.

Click App B. You are prompted to Approve.

You are prompted to allow the service to remember your browser, which can simplify future authentications. You can allow or block it.

You're in!

Step 4: Explore the Demo Applications and Policies

Let's explore how you can use policies to control which users can access your applications and how users will authenticate. We'll examine the policy assigned to App B, which you just authenticated to.

Using the URL for the Cloud Administration Console provided in your email from RSA, sign in using your credentials.

You see the main dashboard page.

Click Applications > My Applications to see the list of demo applications.

For App B, click Edit. When the application opens, click the User Access tab. This is where you associate a policy with an application. Notice that the policy assigned to this application is named Allow All Authenticated Users - Low Assurance.

Now click Access > Policies to see a list of all of the policies currently configured. Scroll down to Custom Policies and find Allow All Authenticated Users - Low Assurance. This policy governs access to App B, which you just viewed. Click Edit to open the policy.

Click the Rule Sets tab. This page provides important configuration settings you need to know about and will want to experiment with later. (Don't change any settings now, though.)

The Target Population field tells you who this policy applies to. In this case, it's for all users. Later, you will be able to use this setting to target selected groups of users based on LDAP attributes such as network, job title, and department.

The Access and Additional Authentication fields tell you that users who authenticate are allowed to access applications with no conditional limitations.

The Assurance Level is the list of authentication options available for this target population.

You can see that assurance levels are categorized as High, Medium, and Low. Each level contains different options with varying security strengths. You can modify each level by adding or removing options. Assurance levels help ensure that your most sensitive digital assets are protected by the strongest authentication that is appropriate for your users, while less important assets remain easier for users to access.

Notice that the High level combines multiple options for added security, while the Low level includes options that are relatively simple and convenient for users.

Leave this browser tab open.

Step 5: Update an Access Policy

Now let's make a few changes to an existing access policy.

In the Cloud Administration Console, click Access > Policies.

Scroll down to Allow All Authenticated Users - Low Assurance, and click Edit.

Change the name to Managers or Non-Managers, and click Next Step > Next Step.

Add a rule set to require non-managers to authenticate with Medium Assurance or higher:

The default Medium assurance level requires users to authenticate with either a Device Biometric, such as Fingerprint or Face ID, or the Authenticate Tokencode, an eight-digit number that displays on the home screen of the Authenticate app. Users can also select from options in the High assurance level.

This trial is valid for 14 days after registration. You will receive an email before your trial expires with options if you want to extend it.

If you want to keep using the trial, you must register again. You also must remove the previous account from your RSA SecurID Authenticate app with a simple swipe to delete and then re-register your device just as you did previously.

What LDAP user attributes are synchronized to the Cloud Authentication Service?